An Anonymous Authentication Scheme for Vehicle-to-Grid Networks

Vehicle-to-grid (V2G) technology allows bidirectional energy exchange between electric vehicles (EVs) and the power grid, which brings many known benefits. However, V2G networks face certain security threats, such as problems of EV privacy and authentication. In this paper, we propose an anonymous group authentication scheme for V2G communications. This scheme realizes dynamic joining and revocation of EVs, and greatly reduces the overhead of EV revocation. Theoretical analysis shows that this scheme can ensure the identity privacy of EV users and the security of data transmission during charging and discharging.


Introduction
Depletion of fossil fuel reserves and the prominence of environmental problems are a wake-up call to find alternative energy sources for these sectors. Because the traditional power grid is costly, wasteful and unreliable, and because user demand for diverse electricity services keeps increasing, the traditional power grid can no longer meet future development needs [1]. The smart grid, however, can meet this long-term demand. The smart grid supports and encourages the integration of new energy power generation systems (such as wind, tidal and solar power generation systems), but because new energy is discontinuous and random, it causes fluctuations in the power grid. To smooth these fluctuations and keep grid voltage and frequency stable, the smart grid needs another auxiliary system to compensate for the new energy systems. Vehicle to grid can be used as a buffer for new energy.
Vehicle to grid technology allows bidirectional energy exchange between electric vehicles and the power grid under the unified dispatch and control of the power grid, and it is an integral part of the smart grid. The core idea of V2G is to use the stored energy of a large number of EVs as a buffer for the power grid and new energy. When the power load is high, EVs feed surplus electricity back to the power grid, and when the load is low, a large number of EV battery packs can be used to store excess grid electricity. In this way, V2G technology can not only be used as a buffer for new energy, but also plays a role in peak shifting. Advantages of V2G: 1) using EVs as a power grid buffer and providing ancillary services for the power grid, such as peak shaving, spinning reserve, reactive power compensation, etc.; 2) providing EV owners with extra income that offsets part of the cost of buying electric cars, which is conducive to the popularization of clean vehicles; 3) increasing power grid stability and reliability, and reducing power system operating costs [2].
The V2G communications infrastructure can facilitate better power load management, and hence improve energy efficiency and reliability. However, the infrastructure may suffer from severe security attacks and vulnerabilities. In the literature, there are only a few studies on privacy and security issues in V2G networks, although several studies have been performed to enhance security and preserve privacy in the smart grid in general. H. R. Tseng et al. [3] noticed the privacy concerns created by leakage of EV owners' identity information. They utilized a restrictive partially blind signature to protect the identities of the owners. The protocol has been proven to preserve identity and location privacy, and to achieve data confidentiality and integrity. Yang et al. [4] identified the emerging privacy issues in V2G networks and built a secure communication architecture to achieve privacy-preserving EV monitoring, in which an ID-based blind signature was introduced to enhance anonymity. References [3] and [4] rely on blind signatures to protect the privacy information of electric car users, but the blind signature algorithm is very complex, and it brings huge delays to identity verification in a V2G network. Miao He et al. [5] propose a privacy-preserving multi-quality charging (PMQC) scheme to evaluate the EV's attributes, authenticate its service eligibility and generate its bill without revealing the EV's private information. This scheme reduces the identity verification delays of references [3] and [4]. Hong Liu [6] divides EVs into home mode and visiting mode, discusses the privacy and security requirements of EVs in these two modes, and designs a security authentication scheme for each mode. Guo et al. [7] proposed an authentication protocol to deal with multiple responses from a batch of vehicles. The proposed scheme introduced the concept of an interval time for an aggregator verifying multiple vehicles, and the aggregator broadcasts a signed confirmation message to inform multiple vehicles using only one signature. The batch verification scheme employs a modified digital signature algorithm. Reference [8] divided EVs into three states, charging, fully-charged (FC) and discharging, and proposed a battery status-aware authentication scheme (BASA) to address the issue for V2G networks. References [7] and [8] introduced batch authentication, which greatly reduces the authentication delays of V2G. Because it provides pure anonymity, pseudonym technology is not a very good way to solve the security problem of vehicle privacy, and the above solutions are based on a mixed scheme of anonymity technology and encryption technology, which also brings great communication delay and computational overhead to LAG, so they are not suitable for V2G networks with a large number of users.
The remainder of the paper is organized as follows: Section II introduces the security threats and requirements of V2G communication. Section III presents an anonymous group signature authentication scheme. Section IV gives the security analysis of our scheme. Finally, Section V concludes.

Security Threats and Requirements of V2G Communication
V2G should follow a fundamental principle: V2G cannot reduce or damage the security of the smart grid. Lu et al. [9] divided the threats to the SG into three categories: 1) availability of the communication network; 2) integrity of communication data; 3) confidentiality of communication data. These security threats also exist in V2G. Here we present some specific V2G security threat scenarios and their serious consequences.
• When the V2G communication network is under attack and data have been tampered with, the security control center will make wrong decisions, which will influence the stability of the power grid and the charging/discharging plans of EVs. If a wide range of communication networks are subject to this type of attack, the entire power system will run on faulty data, which poses a serious threat to the safety of the power grid.
• When the V2G communication network is under a distributed denial of service (DDoS) attack, related data will be delayed, blocked, or even damaged. PEV/PHEV charging and discharging cannot be reasonably arranged to adapt to the current network conditions, which is likely to aggravate the load on the grid. Users cannot get the vehicle energy state, the power load state, billing information, etc. in time, and thus they cannot make full use of time-sharing electricity to charge and discharge EVs.
• Private data of V2G in the process of communication include: the vehicle's location information, the user's identity, battery type, the user's payment information, ST process information, etc. Neglecting privacy protection is likely to lead to leakage of users' personal identity and electric car location information. A malicious attacker can also deduce a user's habits (the user's range of activities, driving path and distance information) from a large amount of user data, such as charging time, charging locations and charging amounts [10].
• When a malicious terminal is connected to the electricity grid in the form of V2G, the data of the DSO can be tapped, forged and damaged, so identity must first be verified in the DSO communication network. This requires an authentication protocol that is efficiently designed and can resist various attacks, to meet the real-time and security needs of the V2G communication network.

An Anonymous Group Authentication Scheme for V2G
Boneh's group signature has the advantages of short signatures and savings in communication bandwidth [11], so we take the group signature as the cryptographic foundation of the proposed scheme.

System Model
The system model is described in Figure 1. There are five kinds of entities involved in the architecture: the trusted authority (TA), central aggregator (CAG), local aggregator (LAG), charging/discharging station (ST) and electric vehicles (EV). TA is responsible for the assignment of public/private keys and EV certificates, and for tracing signatures. CAG divides the recharge area into a number of LAG subsets. LAG carries out the registration of EVs, assigns EVs to groups, and generates the group public key and the private keys of group members. ST can directly monitor and communicate with each EV and sends the collected monitoring data to LAG, and then provides charging or discharging service for the EV.

Authentication Scheme
Boneh's group signature [11] has the advantages of short signatures and savings in communication bandwidth, so we use the group signature as the cryptographic foundation of this scheme. x Z ∈ as its secret at random, and then sends this $x_i$ to TA after encrypting it with its private key. TA computes: , and sends ( ) The group public key is ( ) . The revocation token corresponding to an $EV_i$'s key ( ) No party is allowed to possess γ , it is only known to LAG. , , R R R , where ( )

R e T g e v w e v g
If it is, the signature is verified, and ST i makes revocation check, i.e. for each , T T , by ( ) ( ) , T T , $EV_i$ has not been revoked.
The overall process is shown in Figure 2.

Batch Authentication
Batch validation can determine whether a collection of signatures contains an invalid signature, and thus reduces the verification time. When large numbers of EVs connect to the power grid, batch authentication is needed to reduce verification time.
, after ST received collection of messages $M_i$ and signatures $\delta_i$, it verifies the signature collection using batch authentication by ; , If equality holds, continue.
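The batching step described above, as an added example that is not code from the paper: it swaps the paper's pairing-based group signature for plain Schnorr signatures over a toy group, so it shows only how one combined equation checks a collection of (message, signature) pairs and why the combination needs secret random weights, not anonymity or revocation. The parameters P, Q, G and all function names are assumptions made for this illustration.

```python
import hashlib
import secrets

# Toy Schnorr group (assumed, far too small for real use): G has prime order Q mod P.
P, Q, G = 2039, 1019, 4

def challenge(R, pub, msg):
    data = f"{R}|{pub}|".encode() + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def keygen():
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def sign(x, msg):
    k = secrets.randbelow(Q - 1) + 1          # fresh nonce per signature
    R = pow(G, k, P)
    s = (k + challenge(R, pow(G, x, P), msg) * x) % Q
    return R, s

def verify(pub, msg, sig):
    R, s = sig
    return pow(G, s, P) == R * pow(pub, challenge(R, pub, msg), P) % P

def batch_verify(batch, weights=None):
    """batch: list of (pub, msg, (R, s)); one combined equation for all items.
    `weights` is exposed only so the demonstration can fix it; a verifier
    should always let fresh secret weights be drawn."""
    if weights is None:
        weights = [secrets.randbelow(Q - 1) + 1 for _ in batch]
    lhs_exp, rhs = 0, 1
    for z, (pub, msg, (R, s)) in zip(weights, batch):
        c = challenge(R, pub, msg)
        lhs_exp = (lhs_exp + z * s) % Q
        rhs = rhs * pow(R, z, P) * pow(pub, z * c % Q, P) % P
    return pow(G, lhs_exp, P) == rhs

def find_invalid(batch):
    """Fallback after a failed batch: check one by one, return the bad indexes."""
    return [i for i, (pub, msg, sig) in enumerate(batch)
            if not verify(pub, msg, sig)]

def demo_batch():
    # Constructed sample: three requests M_i with their signatures delta_i.
    keys = [keygen() for _ in range(3)]
    msgs = [b"EV charge 10kWh", b"EV discharge 4kWh", b"EV charge 22kWh"]
    return [(pub, m, sign(x, m)) for (x, pub), m in zip(keys, msgs)]
```

With all weights fixed to 1, two altered signatures whose errors cancel (s+1 and s-1) pass the combined check; distinct secret weights break the cancellation, and `find_invalid` then locates the bad entries.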

Security Analysis
Firstly, LAG, TA or a malicious EV cannot impersonate other entities to generate a group signature, so this scheme has strong unforgeability. For example, suppose a malicious EV has forged a signature
Secondly, it is not feasible for other entities to determine the vehicle status from the result of a group signature. Other group members only know the group of each group member. Although everyone can verify that each signature was generated by a group member, they cannot confirm who the signer is. Only LAG can open the signature to confirm the identity of the signer. So our scheme has strong anonymity, and it can ensure that the identity information of the EV user cannot be leaked. So this scheme has the characteristic of anonymity.
Thirdly, due to the unforgeability of this group signature, only group members can generate a valid group signature. Moreover, this scheme uses a hash function, and it is not feasible for outside attackers to obtain an EV's private key by collecting common parameters and inverting the hash function. So our scheme can resist outside attacks and protect the data security of EV users.

Conclusion
This paper has proposed an anonymous group authentication scheme based on a revocable group signature, in view of the fact that EVs frequently join and leave an ST. The signature scheme is dynamic, and EVs can dynamically join and withdraw. The algorithm overhead is essentially the same as that of an ordinary group signature algorithm. ST only needs to add the vehicle information to the revocation list RL when an EV logs out of the ST, and other EVs can anonymously prove that they are not revoked group members. Besides, this scheme solves the problem that ST revocation management is complicated.

3) Signature computing: EV computes the group signature of message M through the following steps: verifies the signature according to the following steps: if the challenge c is correct.

[Figure 2. Vehicle to grid schematic diagram. Entities: EV, ST, LAG, TA. Message labels: Request to join the grid; Identity verification, distribute public/private key and certificate; Request to join ST; Distribute group and generate group key; Verify identity and certificate; Request to join; Verify certificate and distribute location.]